
NAB is retooling security operations, hiring data experts and developers instead of classic SecOps staff. The shift changes what banks need from their security platforms and from their security talent.
National Australia Bank is overhauling its security operations hiring strategy. Chief technology and operations officer Patrick Wright said the bank now wants software developers and data experts in its SecOps teams, not traditional packet inspectors and incident responders.
Wright appeared on theCUBE vodcast and in a Databricks Summit Live interview at the Databricks Data+AI Summit in San Francisco. Attackers are using AI agents and large language models to automate intrusions, he said. Enterprise software velocity keeps expanding the attack surface. The window to detect and contain a breach has shrunk from minutes to seconds, maybe milliseconds.
"As a bank, we've got to start battling all of this at machine speed," Wright said.
The old model – security tools pushing signals to humans staring at screens at 3 a.m. – "just doesn't work anymore," he added.
Wright described the root problem as data fragmentation. Traditional security tools evolved in isolation. Fraud, network performance, financial data, customer login patterns – all live in separate systems. A cyber event might first show up as a performance issue, such as a spiking server, or as an account takeover, not as a classic indicator of compromise.
"The traditional security dataset that your average security person would look at is often in a separate system from where your business runs itself," Wright said.
NAB is co-designing a new security information and event management (SIEM) platform with Databricks. The goal is to pull security, business, fraud, and operational data into one data lake. Security analysts then get a wider "aperture" – they can find anomalies across systems, not just in server logs.
"We see there's real value in getting all of that stuff in one [place] and then allowing either a business process or a security process ... to actually harvest meaningful insights off all that data," Wright said.
Wright's comments signal a shift that reaches beyond one bank. Large financial institutions with similar attack surfaces – multimillion-customer bases, real-time payments, online banking – face the same problem. The traditional SecOps vendor stack was built for slower, narrower threats. It was never designed to ingest fraud data, network telemetry, and staff login data side by side.
The practical implication: data platforms are becoming core security infrastructure, not just business analytics tools. NAB is building on Databricks. Other banks could follow, using Snowflake, Google BigQuery, or private alternatives. The vendors that win will be the ones that can unify security and business data without requiring a separate security data lake.
That also changes the competitive dynamic for security software. Traditional SIEM and SOAR vendors – Splunk, Palo Alto Networks, CrowdStrike – have invested in cloud-scale analytics. They now compete with general-purpose data platforms. If the bank's data already lives in a unified data lake, the SIEM layer becomes a query layer, not a storage silo.
"Signal[s] came out of those tools to humans," Wright said. "That pattern just doesn't work anymore."
The talent shift is just as important. Wright explicitly wants fewer forensic specialists and more people who can write software to "find signals in the noise." That means security teams will look more like engineering teams over time. For recruiters and staffing firms focused on cybersecurity, the demand mix is changing: coding skills plus data literacy, not just certifications in specific security tools.
Wright said the bank needs to "widen the aperture" of visibility beyond legacy indicators of compromise. That includes customer data, login data from customers and staff, and incident data. "All of that needs to get fed in to try and find anomalies against a much wider sphere," he said.
The shift is early. Not every bank will move this fast. NAB is a large, regulated institution with a technology-forward CTOO. When a bank that size says it is retooling its SecOps hiring and infrastructure, the rest of the sector takes note.
The Databricks partnership will be one to track. If the new SIEM platform delivers faster detection times, expect other banks to ask for similar architecture. The bottleneck has always been the cost and complexity of moving security data into a data lake. Wright's comments suggest NAB thinks that trade-off now favors the lake.
Wright said the bank is already hiring for the new roles and sees the shift as essential to defending at machine speed.